A policy may be a set of rules that are enforced on a device seeking to access a network and/or network resources. The policy may be applied based on characteristics of the device itself or of a user of the device. A policy may also be enforced on an application. Policies may govern access to a network and may play a role in network security and defense. For example, at a policy enforcement point, a decision may be made regarding which parts of a network, if any, a device or an application may be allowed to access. The device or application may then be allowed to access the network according to that decision.
As packets in a traffic flow enter a network, each packet may be examined at an entry point or node in the network to determine a classification. A policy may be applied based on the classification. As a packet traverses the network, the packet may be reclassified at each point or node in the network for the purpose of applying a policy to the packet. This classification and reclassification process is costly in terms of resources expended. An additional issue with classification of packets is that user context information may not be available in each packet, which limits the types of policies that may be applied. Thus, there is a need to improve upon conventional policy enforcement in communication networks.